kern

System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file.

  1. … 1 more file in changeset.
Due to a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller.

If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure.

System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file.

The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory.

  1. … 1 more file in changeset.